[SOLVED] Windows hosts file modified by ZA Antivirus --> moved to a different product

I just edited my hosts file to point a bunch of adservers to 127.0.0.1 and ~~snip~~ ZA obliterated it and left me with a rudimentary hosts file that is next to useless.

"# This file has been restored by Kaspersky Anti-Virus because of possible infection

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

Re: Windows hosts file modified by ZA Antivirus

Hi!

I am afraid this is by design. Please see this discussion at the Kaspersky forum.

This can be easily rectified. You can simply restore the file from quarantine, uncheck "enable automatic treatment" and next time it is detected select "ignore always". This way that particular detection (probably "hosts" related) will be ignored (set back the treatment to automatic once finished).

You could also exclude the hosts file from detection (on-access and on-demand), but this is highly not recommended, as the hosts file is often targeted by malware and this way you will open the system to manipulation.

Some offtopic remarks needed to go. Please note we are all users here trying to help each other exclusively on common product related issues, all the rest is out of scope. ZA staff does not monitor this board.

If you have a valid license you can contact, free of charge, the official ZA support at the link in my signature. Look for the live chat icon on the top left of the main support page.

Re: Windows hosts file modified by ZA Antivirus

I appreciate your response. I was obviously hot under the collar yesterday. I had already considered the actions you posted, but came to the conclusion that "always ignore" was a potential vulnerability.

Since there have been reports about the Kaspersky engine zapping hosts files, going back more than a year, at least, but nothing has been done about it, I have decided to go with software that does not contain the Kaspersky engine.

Re: Windows hosts file modified by ZA Antivirus

If the detection is specific to "hosts" then the risk will be negligible as you are not trusting any malware but only hosts modifications. On top, you can lock the hosts file with ZA to avoid any future changes (advanced firewall settings).

In any case good luck with your quest for another security tool.

Closing this thread since the issue is resolved as the user has moved to a different product.
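The thread turns on the difference between loopback ad-blocking entries and the redirect entries that make the hosts file a malware target, and that difference can be checked directly. The following is an added example, not part of the original posts and not any product's detection logic; the sample file contents and the function names parse_hosts and audit_hosts are constructed for illustration.

```python
import ipaddress

# Constructed sample: ad-server sinkhole entries plus one entry of the kind a
# hosts-file detection is meant to surface. All host names are made up.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net tracker.example.net   # blocked ad servers
0.0.0.0         banner.example.org
203.0.113.45    login.bank.example    # name mapped to a non-loopback host
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, address, hostnames); address is None if unparsable."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment anywhere
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        yield no, addr, fields[1:]

def audit_hosts(text):
    """Split entries into sinkholes (benign blocking) and findings to review."""
    sinkholed, review = [], []
    for no, addr, names in parse_hosts(text):
        if addr is None or not names:
            review.append((no, "malformed", names))
        elif addr.is_loopback or addr.is_unspecified:
            # 127.0.0.1, ::1 and 0.0.0.0 send the name nowhere: ad blocking.
            sinkholed.extend(n for n in names if n.lower() != "localhost")
        else:
            # Any other address overrides DNS for the name and needs a look.
            review.append((no, str(addr), names))
    return sinkholed, review

if __name__ == "__main__":
    blocked, findings = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(blocked)} sinkholed names")
    for no, addr, names in findings:
        print(f"line {no}: {addr} -> {', '.join(names) or '(no names)'}")
```

Run against a copy of the real hosts file before and after a restore from quarantine, the review list shows whether anything other than loopback blocking entries is present.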